What is PCI Compliance?


In the highly connected world we live in, data security has become an increasingly important aspect of business management, especially for merchants who swipe and store their fair share of customer credit card information.


Beyond that, securing payments has become a requirement. Launched in 2006, the Payment Card Industry Security Standards Council has made it its mission to improve payment account security throughout the transaction process. In doing so, it works to hold all sellers to a common set of standards.


PCI compliance sets forth a series of requirements that merchants must follow to safely accept, store, process and transmit customer credit card data. Merchants that accept cards as a method of payment are expected to adhere to these standards in order to protect themselves against possible data breaches.

Where Can Cardholder Data Be Stolen From?

Businesses can be exposed to attacks just as easily as someone sitting down to use free public Wi-Fi at a coffee shop.


Here are some common places where cardholder data can be compromised:


  • Payment system databases
  • Credit card readers
  • Store wireless or wired networks
  • Paper documentation and filing cabinets
  • Security camera network recordings


Once cardholder data is captured at the point of sale, it becomes your responsibility as a seller to keep that information protected. The most straightforward way to do so is by following the requirements laid out by the PCI Security Standards Council.

The 4 Levels of PCI Compliance

To achieve PCI compliance, sellers must follow the requirements laid out for their merchant level. There are four levels, determined by transaction volume over a 12-month period:


  1. Sellers that process over 6M transactions per year.
  2. Sellers that process 1M to 6M transactions per year.
  3. Sellers that process 20,000 to 1M transactions per year.
  4. Sellers that process fewer than 20,000 transactions per year.


Becoming PCI compliant is a three-step process: assess, by taking inventory of IT assets and cardholder data and checking them for vulnerabilities; remediate, by fixing the vulnerabilities found; and report, by submitting reports to the relevant acquiring bank and card brands.

Penalties for PCI Non-Compliance

If your business does not fall within PCI compliance guidelines, you leave yourself at risk of more than just data breaches. You become subject to fines, audits, investigations, and worst of all — you leave your customers questioning the trustworthiness of your brand.


The penalties associated with non-compliance can also be detrimental to long-term business growth from a financial standpoint. Card brands may issue fines to your acquiring bank, which in turn puts you at risk of terminated contracts or increased transaction fees.


If you’re unsure whether or not your business is compliant, it doesn’t hurt to do the research and hire a consultant. Additionally, make sure you’re partnering with business management tools that champion security and put your merchants first.


Contact the IRIS CRM team today to learn more about our offered solutions.
